The Harlow Report - GIS

ISSN 0742-468X
Since 1978
On-line Since Y2K


Archived Industry Notes: Technology
Published in 2010


Virtual desktop trials soar as technology improves

Industry pundits said 2010 would be the year of the virtual desktop proof-of-concept trial, and so far, the vision looks to be coming true in a big way.

With desktops a commodity and IT shops under pressure to economize, enterprises have picked spots to test virtual desktops. Many have also considered remaking their corporate infrastructures to accommodate the high-bandwidth requirements of some applications running on thin clients, and they have begun to look into hosted desktops.

One catalyst of this is the migration to Windows 7, for which IT shops have weighed the value of hosting versus that of keeping physical PCs on the premises. Better products on the market have also spurred virtual desktop trials.

Details Here

first published week of:   05/17/2010


What's faster than rural Internet uploads? Carrier pigeons

Trefor Davies isn’t pretending that the carrier pigeons, named Rory and Tref, are anything more than a rank publicity stunt. Not only that, but it’s a derivative publicity stunt, having already been run once in South Africa. But that’s fine, because it nicely illustrates Davies’ complaints about the state of rural broadband in the UK.

The idea was simple enough: Rory and Tref would be tagged with RFID chips, fitted with microSD memory cards containing several hundred megabytes of video, then released from a Yorkshire farm. The pigeons would fly about 60 miles with the memory cards, while the farm’s Internet connection would be used to upload the same video to YouTube. Would the pigeons carry their data back to their loft before the farmer could upload the clip?

The stunt was designed to have the pigeons win, of course, just as it was in South Africa. On his personal website, Davies said this week that he was “expecting a convincing avian victory.”

Details Here

first published week of:   09/13/2010


Wi-Fi attackers are poisoning web browsers

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to “poison” users’ browser caches in order to present fake Web pages or even steal data at a later time. That’s according to a security researcher who is the developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference. He said it’s simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example. Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache. The few defenses the researcher suggested were continuously manually clearing the cache, or using private browser mode. The researcher acknowledged he doesn’t know how widespread attacks based on poisoning the browser cache via 802.11 actually are. But the potential for trouble is so evident he said he’d advise corporate security professionals to try to “forbid users from taking laptops onto open networks,” though he admitted, “Your users may lynch you.” He said some vendors, including Verizon, are looking at solving this problem with a custom client that is tied to specific operating systems.

Details Here

first published week of:   02/08/2010


WikiLeaks Teaches Enterprises 5 Hard Truths
WikiLeaks shows that enterprises can’t ignore the reach of social networking or changing notions about privacy. Jive Software’s Brian Roddy shares 5 lessons about risk and opportunity that enterprises should absorb now.

The recent news of government secrets posted to WikiLeaks is startling because of its size and scale. It is also symptomatic of a problem that practically every enterprise is also facing. Thanks to the advent of Web 2.0, employees are demanding the benefits and openness of their social networking experience inside the enterprise. And with that newfound sharing and openness come significant security risks. Here’s my take:

1. People’s notion of privacy is changing quickly, and the enterprise is not immune.

In the consumer world, the boundaries of what’s considered private are continually being lowered. Facebook, Twitter and Zynga have clearly re-defined how we interact with each other and how much we’re willing to share. Governments are asking people to sacrifice privacy in the name of security. As a result, people are expecting and demanding the same level of openness from their government and employers. Enterprises and governments, however, don’t have the luxury of uniformly being open. Not only are they concerned about trade secrets and confidential information, they must operate in a highly regulated world. Employees often don’t understand and often don’t care. So, it’s up to the company or agency to put the right security and compliance processes in place to ensure that it does not run afoul of regulations or compromise its sensitive information. And they need to be able to keep these processes current with evolving norms and regulation.

2. IT can’t use traditional tools to lock the environment up.

Every day people at work are revolting against closed systems, hard-to-use technology and siloed process. The contrast between their consumer experience and work experience is massive and growing. People are pushing for new ways to communicate, collaborate, and share information. Enterprises are discovering that employees demand new social, Web 2.0 tools. And if they don’t deliver, their people will just go around them. Employees will post work information on Twitter, Facebook, and LinkedIn. They figure out how to get their corporate email on their personal iPhones. They will go outside corporate networks to set up their own social networks for collaborating with each other. They are using consumer Web services for email, instant messaging, shipping files to each other, sharing documents, and storage. These services are cheap, easy to get to and too legion to block.

3. IT can’t just ignore this.

Details Here

first published week of:   12/20/2010


Windows shortcut flaw underpins power plant Trojan

Hackers have developed malware that spreads via USB sticks using a previously unknown security weakness involving Windows’ handling of shortcut files. Malware targeting the security weakness in the handling of .lnk shortcut files has been spotted in the wild by Belarus-based security firm VirusBlokAda. The malware uses rootkit-style functionality to mask its presence on infected systems. These rootkit drivers come digitally signed by legitimate software developer Realtek Semiconductor, a further mark of the sophistication of the attack. In an advisory, VirusBlokAda said it has seen numerous incidents of the Trojan spy payloads dropped by the malware since adding detection for the malign code in June. Even fully patched Windows 7 systems are vulnerable to attack in cases where a user views files on an infected USB drive using Windows Explorer, a security blogger reports. Instead of using Windows Autoplay, the malware takes advantage of security weaknesses involving shortcut files. Malicious shortcuts on the USB are reportedly capable of auto-executing if users open an infected storage device in Windows Explorer. Normally, users would have to click on the link for anything to happen. An independent researcher has uncovered evidence that the malware is targeting SCADA control systems, used to control industrial machinery in power plants and factories, and specifically Siemens WinCC SCADA systems. “Looks like this malware was made for espionage,” the independent researcher wrote.

Details Here

first published week of:   07/26/2010


Wiseguy scalpers bought tickets with CAPTCHA-busting botnet

Today the Information Technology (IT) areas of utilities are dealing with ever increasing new demands, while at the same time managing the introduction of new technologies.

[I] spoke recently to Dawn Roth, general manager of IT at Colorado Springs Utilities, about the current challenges being faced by her utility’s  IT department.

Other recent columns you may find valuable for context include: The Unique Challenges of Municipal Utilities, Electric Utility Regulation and Innovation: Today, It’s Everyone’s Challenge, and A CIO Perspective of Generation and Regulation.

Colorado Springs Utilities (CSU) provides electricity, natural gas, water and wastewater services to the Pikes Peak region of Colorado.  The utility is a few hundred meters away from converting all of the customers to smart meters.

Details Here

first published week of:   11/29/2010



